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1. (TS//SI//REL) Project BULLRUN deals with NSA’s abilities to defeat the encryption 
used in specific network communication technologies. BULLRUN involves multiple 
sources, all ofiwhich are extremely sensitive. They include CNE, interdiction, industry 
relationships, collaboration with other IC entities, and advanced mathematical techniques. 
Several ECIs apply to the specific sources, methods, and techniques involved. Because 
ofithe multiple sources involved in BULLRUN activities, “capabilities against a 
technology” does not necessarily equate to decryption. 


2. (U//FOUO) The BULLRUN data label (for use in databases) and marking (for use in 
hard- or softcopy documents) are for internal NSA/CSS use only. It will appear in the 
classification line and corresponding portion markings after all applicable ODNI- 
approved markings are in place. The format is: 
Classification//SCI Control System Markings//CAPCO-approved Dissemination Control 
Markings/BULLRUN. Examples include: 

e TOP SECRET//SI//REL TO USA, FVEY/BULLRUN 

e TOP SECRET//SI-ECI PIQ//ORCON/NOFORN/BULLRUN 


3. (U//FOUO) Appendix A lists specific BULLRUN capabilities. Details may be 
protected by one or more ECI. Contact CES CAO for access to the appendix or further 
guidance. 


Description of Information Classification/Markings Reason Declass Remarks 


A. (U) General 


A.1. (U) The coverterm UNCLASSIFIED N/A N/A 

BULLRUN standing alone 

A.2. (U//FOUO) The coverterm UNCLASSIFIED// N/A N/A (U//FOUO) Related ECIs 

BULLRUN in association with FOR OFFICIAL USE ONLY include, but are not limited to: 
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TOP SECRET//SI//REL TO USA, FVEY 


Description of Information 
NSA/CSS, SIGINT, IC, or any of 
the related ECIs 


Classification/Markings Reason Declass 


B. (U) Partnering/Collaboration 


B.1. (U) The fact that 
Cryptanalysis and Exploitation 
Services (CES) works with: 

e NSA/CSS Commercial 
Solutions Center (NCSC) 

e Tailored Access Operations 
(TAO) 

e Second Party partners 

B.2. (U//FOUO) The fact that 

Cryptanalysis and Exploitation 

Services (CES) works with: 

e NSA/CSS Commercial 
Solutions Center (NCSC) to 
leverage sensitive, 
cooperative relationships with 
specific industry partners 
Tailored Access Operations 
(TAO) to leverage specific 
computer network 
exploitation activities 

e specific U.S. Government/IC 
entities 

to further NSA/CSS capabilities 

against encryption used in 

network communication 
technologies 

B.3. (TS//SI//REL) Details of the 

CES collaboration with: 

e NSA/CSS Commercial 
Solutions Center (NCSC) to 
leverage sensitive, 
cooperative relationships with 
industry partners 

Tailored Access Operations 
(TAO) to leverage computer 
network exploitation activities 
Second Party partners 
specific U.S. Government/IC 
entities 

to further NSA/CSS capabilities 

against encryption used in 

network communication 
technologies 


UNCLASSIFIED 


TOP SECRET//SI// 
REL TO USA, FVEY 


1.4 (c) 25 years* 


See Remarks. 


TOP SECRET//SI// 
REL TO USA, FVEY 
at a minimum 


1.4 (c) 25 years* 


See Remarks. 


APERIODIC, AMBULANT, 
AUNTIE, PAINTEDEAGLE, 
PAWLEYS, PITCHFORD, 
PENDLETON, PICARESQUE, 
PIEDMONT 


(U//FOUO) Details may be 
protected by one or more ECIs 
and/or the secure BULLRUN 
COI. In addition, details may 
need to be marked with the 
BULLRUN data label. 


(U//FOUO) See paragraph #2 at 
the beginning of this guide for 
details on how to mark 
BULLRUN information. 


(U//FOUO) Appendix A lists 
specific BULLRUN capabilities. 


(U) Contact CES CAO for 
further information. 


(U//FOUO) Details may be 
protected by one or more ECIs 
and/or the secure BULLRUN 
COI. In addition, details may 
need to be marked with the 
BULLRUN data label. 


(U//FOUO) See paragraph #2 at 
the beginning of this guide for 
details on how to mark 
BULLRUN information. 


(U//FOUO) Appendix A lists 
specific BULLRUN capabilities. 


(U) Contact CES CAO for 
further information. 
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TOP SECRET//SI//REL TO USA, FVEY 


Description of Information 


Classification/Markings 


C. (U) Capabilities & Targeting 


C.1. (U//FOUO) The fact that 
Cryptanalysis and Exploitation 
Services (CES) develops 


cryptanalytic capabilities to exploit 


the inherent vulnerabilities in the 
encryption used in unspecified 
network communication 
technologies 

C.2. (U//FOUO) The fact that 
NSA/CSS targets specific 
encrypted network communication 
technologies 


C.3. (TS//SI/REL) The fact that 
NSA/CSS has some capabilities 
against the encryption in 
TLS/SSL, HTTPS, SSH, VPNs, 
VoIP, WEBMAIL, and other 
network communication 
technologies 


C.4. (U//FOUO) The fact that 
NSA/CSS has a capability against 
the encryption used in a specific 
implementation of a network 
communication technology 


UNCLASSIFIED// 


FOR OFFICIAL USE ONLY 


SECRET//SI// 
REL TO USA, FVEY 
at a minimum 


See Remarks. 


TOP SECRET//SI// 
REL TO USA, FVEY 
at a minimum 


See Remarks. 


TOP SECRET//SI// 
REL TO USA, FVEY/ 
BULLRUN 


at a minimum 


See Remarks. 


Reason Declass 


1.4 (c) 25 years* 


1.4 (c) 25 years* 


l 


Remarks 


(U//FOUO) Details may raise 
classification level and may be 
protected by one or more ECIs 
and/or the secure BULLRUN 
COI. In addition, details may 
need to be marked with the 
BULLRUN data label. 


(U//FOUO) See paragraph #2 at 
the beginning of this guide for 
details on how to mark 
BULLRUN information. 


(U//FOUO) Appendix A lists 
specific BULLRUN capabilities. 


(U) Contact CES CAO for 
further information. 
(U//FOUO) Details may be 
protected by one or more ECIs 
and/or the secure BULLRUN 
COI. In addition, details may 
need to be marked with the 
BULLRUN data label. 


(U//FOUO) See paragraph #2 at 
the beginning of this guide for 
details on how to mark 
BULLRUN information. 


(U//FOUO) Appendix A lists 
specific BULLRUN capabilities. 


(U) Contact CES CAO for 
further information. 

(U//FOUO) Specific 
implementations may be 
identified by specifying 
equipment manufacturer, service 
provider or target 
implementation. 


(U//FOUO) Details may be 
protected by one or more ECIs 


TOP SECRET//SI//REL TO USA, FVEY 


TOP SECRET//SI//REL TO USA, FVEY 


Remarks 
and/or the secure BULLRUN 
COI. In addition, details may 
need to be marked with the 
BULLRUN data label. 


Classification/Markings Reason Declass 


TOP SECRET//SI// 1.4 (c) 25 years* 
REL TO USA, FVEY 

at a minimum 

See Remarks. 


TOP SECRET//SI// 1.4 (c) 


REL TO USA, FVEY 
1.4 (c) 25 years* 


Description of Information 


(U//FOUO) See paragraph #2 at 
the beginning of this guide for 
details on how to mark 
BULLRUN information. 


(U//FOUO) Appendix A lists 
specific BULLRUN capabilities. 


(U) Contact CES CAO for 
further information. 
(U//FOUO) Details may be 
protected by one or more ECIs 
and/or the secure BULLRUN 
COI. In addition, details may 
need to be marked with the 
BULLRUN data label. 


C.5. (U//FOUO) Details revealing 
specific sources and methods that 
enable a capability against the 
encryption used in network 
communication technologies 


(U//FOUO) See paragraph #2 at 
the beginning of this guide for 
details on how to mark 
BULLRUN information. 


(U//FOUO) Appendix A lists 
specific BULLRUN capabilities. 


(U) Contact CES CAO for 
further information. 
(U//FOUO) Details will be 
protected by one or more ECIs. 
Contact CES CAO for further 

guidance. 


C.6. (TS/SI/REL TO USA, 
FVEY) The fact that NSA/CSS 
develops implants to enable a 
capability against the encryption 
used in network communication 
technologi 


D. (U) Processing & Handling 
D.1. (U//FOUO) Decrypts (aka TOP SECRET//SI// 
plaintext) obtained from REL TO USA, FVEY/ 
BULLRUN capabilities BULLRUN 

at a minimum 


See Remarks. 


(U//FOUO) Decrypts or any data 
extracted from the decrypts must 
be handled within the secure 
BULLRUN COI and must be 
marked with the BULLRUN data 
label, unless Chief S31 (or 
designee) has approved handling 
or dissemination outside of 
BULLRUN. Reports generated 
from BULLRUN-derived 
information must not reveal 
BULLRUN details. 


See Remarks. 


(U//FOUO) Details may be 
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TOP SECRET//SI//REL TO USA, FVEY 


Description of Information Classification/Markings Reason Declass 


protected by one or more ECIs. 
(U//FOUO) See paragraph #2 at 
the beginning of this guide for 
details on how to mark 
BULLRUN information. 
(U//FOUO) Appendix A lists 
specific BULLRUN capabilities. 
(U) Contact CES CAO for 
further information. 


D.2. (U//FOUO) Cryptographic TOP SECRET//SI// 1.4 (c) 25 years* (U) Examples include algorithm 
information obtained from REL TO USA, FVEY/ parameters and passwords. 
BULLRUN capabilities BULLRUN 
at a minimum (U//FOUO) Details may be 
protected by one or more ECIs 
See Remarks. and/or the secure BULLRUN 
COI. In addition, details may 
need to be marked with the 
BULLRUN data label. 
(U//FOUO) See paragraph #2 at 
the beginning of this guide for 
details on how to mark 
BULLRUN information. 
(U//FOUO) Appendix A lists 
specific BULLRUN capabilities. 
(U) Contact CES CAO for 
further information. 


(U) 25 years*: Declassification in 25 years indicates that the information is classified for 25 years from the 
date a document is created or 25 years from the date ofithis original classification decision, whichever is 
later. 


(U) ACRONYMS/DEFINITIONS: 


(U) Capabilities — For the purposes of this classification guide, the NSA/CSS ability to exploit a specific 
technology. This may encompass acquiring and processing plaintext data and/or acquiring, decrypting and 
processing encrypted data. 


(U) HTTPS — HTTP traffic secured inside an SSL/TLS session, indicated by the https:// URL, commonly 
using TCP port 443 


(U) IPSEC -- IPSec, or IP Security, is the Internet Engineering Task Force (IETF) standard for layer 3 
real-time communication security. IPSec allows two hosts (or two gateways) to establish a secure 
connection, sometimes called a tunnel. All traffic is protected at the network layer. (IETF is the Internet 
Engineering Task Force, a loosely self-organized group of people who contribute to the engineering and 
evolution of Internet technologies. It is the principal body engaged in the development of new Internet 
standard specifications.) 
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(U) PPTP — Point-to-Point Tunneling Protocol is a method for implementing virtual private networks. 
The PPTP specification does not describe encryption or authentication features and relies on the protocol 
being tunneled to implement security functionality. 


(U) SSH — Secure Shell. A common protocol used for secure remote computer access 


(U) SSL — Secure Sockets Layer. Commonly used to provide secure network communication. Widely 
used on the internet to provide secure web browsing, webmail, instant messaging, electronic commerce, etc. 


(U) TLS — Transport Layer Security. The follow-on to SSL, SSLv3 and TLSv1.0 are nearly identical. 


(U) VoIP — Voice over Internet Protocol. A general term for the using IP networks to make voice phone 
calls. The application layer protocol can be standards-based (e.g., H.323, SIP), or proprietary (e.g., Skype). 


(U) VPN - Virtual Private Network. A private network that makes use of the public telecommunications 


infrastructure, maintaining privacy via the use of a tunneling protocol and security procedures that typically 
include encryption. Common protocols include IPSEC and PPTP. 


6 
TOP SECRET//SI//REL TO USA, FVEY 


